In a bizarre turn of events, a British cyber-security researcher who just a few months ago was hailed a hero for preventing the spread of highly damaging ransomware has been charged in the U.S. for offenses connected to a separate malware case.

Marcus Hutchins was arrested on Wednesday shortly before boarding a U.K.-bound flight from Las Vegas

He’d been in the city for the annual Def Con conference where hackers, security experts, and researchers meet up to discuss cyber-security issues.

The 23-year-old Brit has been accused of crimes related to the Kronos malware that infected PCs via malicious email attachments and allowed hackers to steal people’s login credentials for online banking.

The allegations, which cover the period between July 2014 and July 2015, include that he helped to create and distribute Kronos in places such as hacker forums on the dark web.

The U.S. Department of Justice confirmed in a statement that Hutchins “was arrested in the United States on 2 August, 2017, in Las Vegas, Nevada, after a grand jury in the Eastern District of Wisconsin returned a six-count indictment against Hutchins for his role in creating and distributing the Kronos banking Trojan.”

Hutchins’ mother told the Press Association that she was “frantically calling America” in a bid to contact her son, adding that it was extremely unlikely her son had broken the law because he put so much work into preventing computer-related crime.

WannaCry hero

Indeed, Hutchins was hailed a hero by cyber-security experts around the world less than three months ago after he single-handedly ended the global spread of damaging ransomware known as WannaCry.

The ransomware first came to light on May 12, blocking access to computer systems belonging to major businesses and organizations around the world, among them the U.K.’s National Health Service and Spanish telecommunications giant Telefonica.

As WannaCry began to spread across the globe over the following days, Hutchins, working from his bedroom in south-west England, found a way to prevent the ransomware from causing further damage after examining its code. You can read his detailed account of the episode on his blog.

According to the Guardian, the Brit has been working remotely for LA-based Kryptos Logic, a cyber-security company that offered him a job in 2016 after being impressed by his tech blog.

But Hutchins now finds himself in custody, accused by the U.S. authorities of cybercrimes linked to a separate matter. A court hearing is expected to take place on Friday aimed at organizing his legal representation.